So, how DO some of these phishers get your information?

ramma77

ramma77

Krytan Explorer

Join Date: Dec 2005

South Shields, England

The Psycho Titans

R/

Quote:
Originally Posted by Rexion
I hate to use this one reference, but it is probably something ANet should implement.

If anyone has played RuneScape in the past year, you would know that to get into your bank, you must click, with your mouse, in a 4 number code.
ANet should implement this when logging in.
All you have to do is type email in, type password in, punch 4 numbers by CLICKING a 4 number code. That way, even if your password is stolen, they still can't get into your account.

Simple answer. Would work well.

/signed

make it so number one

imnotyourmother

Desert Nomad

Join Date: Mar 2008

in a house

The Knitters Guild

W/R

My 2 cents.

I went to change my password the other day as I have never changed my password in ages as i can remember it. My password is a long as allowed and it is not just letters but also num63rs.

What struck me was the fact that my "account name" was the name of my Very First char that I made. I deleted it over a year ago but I thought that was odd.

So if you are using your main toon and someone asks you is this the first toon that you ever made? Right there they have half of the information needed to hack your account.

Looking back on it I am glad that I delete my very first toon. I just got a second account so that I can have storage between the two in pre-searing ascalon and you want to bet if I made a toon and then deleted it straight off?? If you do then you would loose.

Wolf2581

Wolf2581

Frost Gate Guardian

Join Date: Apr 2006

Joliet, IL, USA

Hardcore Militants United [HMU]

Me/

Quote:
Originally Posted by zwei2stein
Don't trust antiviruses that much!
Antivirus software will go only so far, as zwei2stein accurately pointed out. A much more effective line of security is to configure your firewall to prompt before a new program is allowed outbound access. This is good practice in general and especially when in fear of keyloggers. If you notice blorgo.exe wants to send data to some random Kazakhstani IP, you might want to block it.

Marverick

Marverick

Forge Runner

Join Date: Aug 2006

R/

Quote:
Originally Posted by zwei2stein
Don't trust antiviruses that much!

first, it takes time to identify virus, analyze it and add it to detection database and for you to update software. It can take hours/days during which you are vulnurelalble.

seccond, rare "nasties" - i.e. keylogger which was made to target GW and is only on dozen of computers worldwide - might never be discovered because they are simply under radar.

there is more, but point is that you can only trust your AV to protect you from past threats that are no longer really dangerous.
ThreatFire is ftw. It'll catch anything trying to log keystrokes without needing to know what it is.

AKB48

AKB48

Jungle Guide

Join Date: Jul 2008

みやき町

Mo/A

Quote:
Originally Posted by Marverick
ThreatFire is ftw. It'll catch anything trying to log keystrokes without needing to know what it is.
I would say anything. Just don't watch porno and you'll be in the clear, no need for antiviruses!

BlueNovember

BlueNovember

Wilds Pathfinder

Join Date: Sep 2005

WTS GW2 items for Zkey

Mo/

Going on a tangent slightly;

From the login screen;
"Recently scammers have posted two bogus videos on the internet to trick Guildwars players into revealing account information. One video alleges to show players how to hack into Guildwars, while the other offers early entry into Guild Wars 2 beta. Both of these videos are directly linked to recent account thefts. ...."

Anyone actually come across such videos? It's certainly the first I've heard of them.
I did a brief search on youtube to no avail. Did find some epically amusing "guildwars hack" "guildwars dupe".
They were _fantastic_.
"instant level 20 pve character" -> horrifically badly cut together video making a pvp character
"speed cheat" -> random client side uselessness

Perhaps this truely is the cause of recent account thefts? Either way, links appreciated.

BLOODGOAT

BLOODGOAT

Wilds Pathfinder

Join Date: Jun 2007

long a

Mo/

Quote:
Originally Posted by Wolf2581
A much more effective line of security is to configure your firewall to prompt before a new program is allowed outbound access.
Mine has always been setup in such a way.

viper11025

viper11025

Wilds Pathfinder

Join Date: Mar 2007

02/18/05 (Pm me with the place, its a riddle)

A/

Quote:
Originally Posted by BLOODGOAT
Mine has always been setup in such a way.
I'm nto that extreme, but my anti-virus might disagree.......seriously scammers need a life.
>.>

Wolf2581

Wolf2581

Frost Gate Guardian

Join Date: Apr 2006

Joliet, IL, USA

Hardcore Militants United [HMU]

Me/

Quote:
Originally Posted by BLOODGOAT
Mine has always been setup in such a way.
Good, but then unfortunately the cause of your predicament was human error.

wanmoke

Frost Gate Guardian

Join Date: May 2007

In the land of Do Not Disturb

Wind Riders

R/

Honestly, the only person who can answer this question is someone with the knowledge and experience. And would you admit to having broken the law and possibly facing punishment for it?

Divisor

Academy Page

Join Date: Mar 2006

Vesuvian Doppelgankers [VoD]

W/

I believe the OP when he says he didn't download anything and didn't tell anyone his account info...
I recently got hacked myself, and I have never downloaded anything GW-related (no texmod, no nothing) nor do I go to any other GW sites than GWG and QQ forums (where my account info is different than my ingame info). I never to my knowledge got into a suspicious trade or answered any weird questions. Also I used the -password command line, so I'm not sure if it was a keylogger at all. My virus scanner didn't detect anything either.

In short, I have no clue how I got hacked at all. Could it be some kind of exploit in the playNC site? I really don't see how this can happen.

Numa Pompilius

Numa Pompilius

Grotto Attendant

Join Date: May 2005

At an Insit.. Intis... a house.

Live Forever Or Die Trying [GLHF]

W/Me

How people get hacked:

1) They tell someone their PW and username. Typically it's a relative or friend who just wants to try the game. The relative/friend or his friend uses the information maliciously.
This is by far, far, FAR, the most common way to get hacked. Massively, hugely, common.

2) The player downloads teh 133t ûbEr h4xX0r software which promises to give them gold, clear map, powerful weapons, and free sex & beer. The program seems to crash or not run. The player now has a keylogger which'll record his PW and username and send it to whoever made the software.

3) They go to teh 133t ûbEr h4xX0r website which requires registering, and foolishly register using the same password and username as they use in GW.

(Seriously, websites advertising hacks and cheats are run by scum, and it'll never cease to amaze me that users think those scum will not hack/defraud also their own users.)

4) They do one of the above but instead of using their GW username and PW they use their webmail username and PW (or use and unsafe webmail), and have mails with username and PW in their mailbox.


And this is how people do NOT get their GW accounts hacked:

1) Hacker brute-forcing the account by randomly testing passwords.


Finding out exactly how someone got hacked is usually impossible. No one ever admits to giving out pw & username to a friend (or having it written down on a post-it on the monitor and letting the neighbors kids use the computer), and no one ever admits to having tried hack/cheat software, or to using the same PW/username in other places.

So everyone seems to have been hacked by a brute-force hacker randomly testing passwords.

Kula

Kula

Lion's Arch Merchant

Join Date: Jun 2005

West Coast, USA

Mo/E

Quote:
Originally Posted by Rexion
I hate to use this one reference, but it is probably something ANet should implement.

If anyone has played RuneScape in the past year, you would know that to get into your bank, you must click, with your mouse, in a 4 number code.
ANet should implement this when logging in.
All you have to do is type email in, type password in, punch 4 numbers by CLICKING a 4 number code. That way, even if your password is stolen, they still can't get into your account.

Simple answer. Would work well.
I was just about to suggest something like this. I recently tried out a new MMO called "Perfect World" where they give you the option to enter your password using a virtual keyboard at the login screen. This requires using mouse clicks instead of actual keyboard punches so that keyloggers cannot capture the characters you're inputting.

Also, I think they even have an optional 2nd password you can set for your bank account ( kinda like Xunlai chest) as a feature!

GW is a fairly old game now. Implementing new security features may just not be cost effective as most of the resources are being directed towards GW2. But hopefully they will implement this extra feature in that game.

Painbringer

Painbringer

Furnace Stoker

Join Date: Jun 2006

Minnesota

Black Widows of Death

W/Mo

Misleading Applications are the big influx of how people are getting malware. They look like error messages from windows or virus found click here to resolve. Some of these look legit and people think they are doing the right thing by clicking. Well if you click I am sorry for you. Which intern opens the door to viruses key loggers and hijackers etc..

Clean your system to combat this. Keep your cookies under control, and scan and update your viral software constantly. Don’t reley on the system doing it for you do it manually and regularly.

For phishing e-mails. I am sure they are easy for someone. You sign up for a free magazine or online thing (the miniature give away for example) and you may be sold to a marketing list. Even just surfing Guru all you have to do is send a private e-mail. Granted you don’t see the e-mail address but you do if they reply. Be safe and clean

xOdin

xOdin

Ascalonian Squire

Join Date: Mar 2006

Hall of Heros

Add Me to Face [Book]

W/

No matter how smart you think you are, there is always someone smarter.

This thread covers the bare basics in regards to "not getting hacked"

There are exploits / vuln's out there that someone with basic computer knowledge won't even begin to comprehend.

There is no fool proof way not to get hacked.
You are never "unhackable"...

Having A Seperate Email for your game might help. (Noted that this email is not used ANYWHERE other than in your guildwars account) Not used to register for anything ect..

Having a Seperate Password for everything might help, and it most cases is your best bet.

-Password, usless, even more dangerous. Yeah, I'll admit it was nice when you there was no Character Selection Logout path, and it would auto login ect... But Anyone with access to the computer, remote or local, could easily see the password saved in the target.

LoL@ all this talk about keyloggers...
For all of those that love that Virtual Keybored,

Start>All Programs>Accessories>Accessibility>On-Screen Keyboard

Bottom line is, if your system is compromised by a keylogger, or any malicious program, there isn't much you can do..
Easiest thing to do would be to get your login information for your email and do a password recovery on your GW acct.

If you've got a properly configured firewall, as previously posted, and you know what to look for "hack.exe is trying to establish a connection with soandso" and not hitting accept, the keylogger ect.. usless.

Almost all hacks are User Error, and those that could find any email and change the confirmation for changing gw emails ect... wouldn't be farming on their new account. They wouldn't have to...

Think about it a little

1 up and 2 down

1 up and 2 down

Wilds Pathfinder

Join Date: Mar 2007

Rt/

Quote:
Originally Posted by Numa Pompilius

Finding out exactly how someone got hacked is usually impossible. No one ever admits to giving out pw & username to a friend (or having it written down on a post-it on the monitor and letting the neighbors kids use the computer), and no one ever admits to having tried hack/cheat software, or to using the same PW/username in other places.

So everyone seems to have been hacked by a brute-force hacker randomly testing passwords.
Yeah, this always cracks me up.